Fixed the Kerberos path again: default Ubuntu installs do indeed use /var/lib/krb5kdc. That path really should be autodetected.
#!/usr/bin/perl
use strict;
use warnings;
use DB_File;
use Net::LDAP;
use YAML;
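# Location of the web-tier credentials / LDAP settings (read-only here).
my $config_file = "/usr/local/etc/ssoinabox/webcreds.yml";
# Apache group map; each value has the form "*:group1,group2".
my $dbm_file = "/etc/apache2/ldap-groups";

my $config = load_config($config_file);
my $users  = fetch_group_map($config);
write_group_map($dbm_file, $users);
# Optional: dump the freshly written map when invoked with --dump.
dump_group_map($dbm_file) if grep { $_ eq '--dump' } @ARGV;
exit 0;

# Parse the YAML config file and return it as a hashref.
# Dies if the file cannot be opened.
sub load_config {
    my ($path) = @_;
    open my $fh, '<', $path or die "failed to open yaml $path: $!";
    my $cfg = YAML::LoadFile($fh);
    close $fh;
    return $cfg;
}

# Connect and bind to LDAP, enumerate every posixGroup under LDAP_BASEDN and
# return a hashref of { member uid => [ group cn, ... ] } (the per-user shape
# mod_authz_dbm expects).  Dies on connect, bind or search failure.
sub fetch_group_map {
    my ($cfg) = @_;
    # Net::LDAP->new reports connection failures in $@, not $!.
    # NOTE(review): whether the manager credentials travel encrypted depends
    # on the scheme in ldap_server (ldaps:// vs ldap://) -- confirm.
    my $ldap = Net::LDAP->new($cfg->{'ldap_server'})
        or die "Failed to connect to LDAP: $@";
    # bind() always returns a (true) Net::LDAP::Message object, so the outcome
    # has to be read from its result code; "bind(...) or die" never fires.
    my $bind = $ldap->bind(
        $cfg->{'ldap_manager'}->{'dn'},
        password => $cfg->{'ldap_manager'}->{'password'},
    );
    die "Failed to bind to LDAP: " . $bind->error if $bind->code;

    my $lr = $ldap->search(
        base   => $cfg->{'LDAP_BASEDN'},
        filter => '(objectClass=posixGroup)',
    );
    die "Failed to search LDAP: " . $lr->error if $lr->code;

    my %users;
    foreach my $entry ($lr->entries) {
        my $groupname = $entry->get_value('cn');
        next unless defined $groupname;
        # A group with no members yields undef rather than an empty arrayref;
        # dereferencing that would die under strict refs.
        my $members = $entry->get_value('memberUID', asref => 1) || [];
        foreach my $member (@$members) {
            push @{ $users{$member} }, $groupname;    # push autovivifies
        }
    }
    $ldap->unbind;
    return \%users;
}

# Write the map to a temp file beside the target and rename it into place.
# Rebuilding from scratch (O_TRUNC) drops users who were removed from every
# group, which appending into the existing file with O_WRONLY did not; the
# rename keeps Apache from ever reading a half-written map.
sub write_group_map {
    my ($file, $map) = @_;
    my $tmp = "$file.tmp.$$";
    my %dbm_hash;
    # The O_* flags are re-exported by DB_File from Fcntl.
    tie %dbm_hash, 'DB_File', $tmp, O_RDWR | O_CREAT | O_TRUNC, 0644
        or die "Unable to open DBM file $tmp: $!";
    foreach my $uid (sort keys %$map) {
        $dbm_hash{$uid} = sprintf('*:%s', join(',', @{ $map->{$uid} }));
    }
    untie %dbm_hash;
    rename $tmp, $file or do {
        my $err = $!;
        unlink $tmp;
        die "Unable to replace $file with $tmp: $err";
    };
    return;
}

# debug - print every key/value pair of the map to STDOUT.
sub dump_group_map {
    my ($file) = @_;
    my %dbm_hash;
    tie %dbm_hash, 'DB_File', $file, O_RDONLY
        or die "Unable to open DBM file $file: $!";
    while ( my ($key, $value) = each %dbm_hash ) {
        print "$key => $value\n";
    }
    untie %dbm_hash;
    return;
}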